📄 DeskTime Time Tracking App 1.3.671 Missing Certificate / Remote Code Execution

DeskTime Time Tracking App version 1.3.671 has an issue where due to missing TLS certificate validation, attackers, who can inject themselves into the network path between the client and the DeskTime update servers, can return a malicious executable in response to an update request and achieve...

CVE-2020-12681

Missing TLS certificate validation on 3xLogic Infinias eIDC32 devices through 3.4.125 allows an attacker to intercept/control the channel by which door lock policies are applied...

SUSE-SU-2022:3725-1 Security update for icinga2

This update for icinga2 fixes the following issues: - CVE-2020-14004: prepare-dirs script allows for symlink attack in the icinga user context. bsc1172171 - CVE-2020-29663: ignoring CRL, where revoked certificates due for renewal will automatically be renewed. bsc281137 - CVE-2021-37698: Missing...

CVE-2020-24392

In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library because eventmachine is misused...